安全研究
安全漏洞
XFree86 Dexconf Dev/Dri目录权限不安全漏洞
发布日期:2001-08-28
更新日期:2003-07-03
受影响系统:
XFree86 X11R6描述:
BUGTRAQ ID: 8032
CVE(CAN) ID: CVE-2001-1409
XFree86是一款流行的X服务器。
XFree86包含的dexconf工具不正确设置目录权限,本地攻击者可以利用这个漏洞删除或者修改目录中搜集的数据。
dexconf工具在设置/dev/dri目录时以666权限建立,因此任意攻击者可以修改和删除此目录下的文件和数据,或者使用恶意程序代替正常文件,可能导致权限提升。
<*来源:Brendan O'Dea (bod@debian.org)
链接:http://groups.google.com/groups?selm=20010829121505.A16004%40compusol.com.au
http://www.securityfocus.com/advisories/5521
http://www.securityfocus.com/advisories/5515
*>
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* Brendan O'Dea <bod@debian.org>提供如下未测试的补丁:
--- xc/programs/Xserver/hw/xfree86/os-support/linux/drm/xf86drm.c.orig Fri May 18 20:26:45 2001
+++ xc/programs/Xserver/hw/xfree86/os-support/linux/drm/xf86drm.c Mon Aug 27 00:08:14 2001
@@ -174,7 +174,6 @@
stat_t st;
char buf[64];
int fd;
- mode_t dirmode = DRM_DEV_DIRMODE;
mode_t devmode = DRM_DEV_MODE;
int isroot = !geteuid();
#if defined(XFree86Server)
@@ -184,23 +183,17 @@
#if defined(XFree86Server)
devmode = xf86ConfigDRI.mode ? xf86ConfigDRI.mode : DRM_DEV_MODE;
- dirmode = (devmode & S_IRUSR) ? S_IXUSR : 0;
- dirmode |= (devmode & S_IRGRP) ? S_IXGRP : 0;
- dirmode |= (devmode & S_IROTH) ? S_IXOTH : 0;
- dirmode |= devmode;
devmode &= ~(S_IXUSR|S_IXGRP|S_IXOTH);
group = (xf86ConfigDRI.group >= 0) ? xf86ConfigDRI.group : DRM_DEV_GID;
#endif
- if (stat(DRM_DIR_NAME, &st)) {
+ if (stat(DRM_DIR_NAME, &st) || !S_ISDIR(st.st_mode)) {
if (!isroot) return DRM_ERR_NOT_ROOT;
remove(DRM_DIR_NAME);
- mkdir(DRM_DIR_NAME, dirmode);
+ mkdir(DRM_DIR_NAME, 0755);
+ chown(DRM_DIR_NAME, 0, 0); /* root:root */
+ chmod(DRM_DIR_NAME, 0755);
}
-#if defined(XFree86Server)
- chown(DRM_DIR_NAME, user, group);
- chmod(DRM_DIR_NAME, dirmode);
-#endif
sprintf(buf, DRM_DEV_NAME, DRM_DIR_NAME, minor);
if (stat(buf, &st) || st.st_rdev != dev) {
厂商补丁:
RedHat
------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
RedHat XFree86-100dpi-fonts-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-100dpi-fonts-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-100dpi-fonts-4.2.1-20.i386.rpm
RedHat XFree86-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-4.2.1-20.i386.rpm
RedHat XFree86-75dpi-fonts-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-75dpi-fonts-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-75dpi-fonts-4.2.1-20.i386.rpm
RedHat XFree86-ISO8859-15-100dpi-fonts-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-ISO8859-15-100dpi-fonts-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.2.1-20.i386.rpm
RedHat XFree86-ISO8859-15-75dpi-fonts-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-ISO8859-15-75dpi-fonts-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.2.1-20.i386.rpm
RedHat XFree86-ISO8859-2-100dpi-fonts-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-ISO8859-2-100dpi-fonts-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.2.1-20.i386.rpm
RedHat XFree86-ISO8859-2-75dpi-fonts-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-ISO8859-2-75dpi-fonts-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.2.1-20.i386.rpm
RedHat XFree86-ISO8859-9-100dpi-fonts-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-ISO8859-9-100dpi-fonts-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.2.1-20.i386.rpm
RedHat XFree86-ISO8859-9-75dpi-fonts-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-ISO8859-9-75dpi-fonts-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.2.1-20.i386.rpm
RedHat XFree86-Mesa-libGL-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-Mesa-libGL-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Mesa-libGL-4.2.1-20.i386.rpm
RedHat XFree86-Mesa-libGLU-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-Mesa-libGLU-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Mesa-libGLU-4.2.1-20.i386.rpm
RedHat XFree86-Xnest-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-Xnest-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Xnest-4.2.1-20.i386.rpm
RedHat XFree86-Xvfb-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-Xvfb-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Xvfb-4.2.1-20.i386.rpm
RedHat XFree86-base-fonts-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-base-fonts-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-base-fonts-4.2.1-20.i386.rpm
RedHat XFree86-cyrillic-fonts-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-cyrillic-fonts-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-cyrillic-fonts-4.2.1-20.i386.rpm
RedHat XFree86-devel-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-devel-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-devel-4.2.1-20.i386.rpm
RedHat XFree86-doc-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-doc-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-doc-4.2.1-20.i386.rpm
RedHat XFree86-font-utils-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-font-utils-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-font-utils-4.2.1-20.i386.rpm
RedHat XFree86-libs-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-libs-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-libs-4.2.1-20.i386.rpm
RedHat XFree86-tools-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-tools-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-tools-4.2.1-20.i386.rpm
RedHat XFree86-truetype-fonts-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-truetype-fonts-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-truetype-fonts-4.2.1-20.i386.rpm
RedHat XFree86-twm-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-twm-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-twm-4.2.1-20.i386.rpm
RedHat XFree86-xauth-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-xauth-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-xauth-4.2.1-20.i386.rpm
RedHat XFree86-xdm-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-xdm-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-xdm-4.2.1-20.i386.rpm
RedHat XFree86-xfs-4.2.0-72.i386.rpm :
RedHat Upgrade XFree86-xfs-4.2.1-20.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/XFree86-xfs-4.2.1-20.i386.rpm
浏览次数:3139
严重程度:0(网友投票)
绿盟科技给您安全的保障